Vulnerability found on latest version of json-as-xlsx #74

Closed
pinceladasdaweb opened this issue Apr 29, 2023 · 6 comments

@pinceladasdaweb

Summary

There is a vulnerability found in json-as-xlsx version 2.5.3 due to xlsx.

[Screenshot 2023-04-29 at 18 25 02]

Possible Solution

Update the xlsx dependency to the patched version: 0.19.3

Context

More information about the CVE is here: GHSA-4r6h-8v6p-xvw6

@githubjosh

Please fix this. Simply update your dependencies to use the CDN - SheetJS/sheetjs#2822 (comment)

"dependencies": {
  "xlsx": "https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz"
}
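
A lockfile check for the fix discussed in this thread, added here as an example and not code from the thread or from the json-as-xlsx project: it scans the `packages` map of a package-lock.json (lockfileVersion 2 or 3) for any installed copy of xlsx older than the patched 0.19.3, including copies nested under json-as-xlsx. The function names and the sample lockfile are constructed for illustration.

```javascript
// Patched xlsx release named in this issue.
const PATCHED = [0, 19, 3];

// Parse "0.18.5" into [0, 18, 5]; null when the string is not x.y.z.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v || ''));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts before version b.
function isOlder(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3)
// and report every installed copy of xlsx, direct or nested.
function auditXlsx(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/xlsx$/.test(path)) continue; // skips xlsx-style etc.
    const parsed = parseVersion(entry.version);
    // Unparseable versions count as vulnerable so they get reviewed.
    const vulnerable = parsed === null || isOlder(parsed, PATCHED);
    findings.push({ path, version: entry.version, resolved: entry.resolved, vulnerable });
  }
  return findings;
}

// Constructed sample lockfile (not taken from the project or the thread).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'json-as-xlsx': '2.5.3' } },
    'node_modules/json-as-xlsx': { version: '2.5.3' },
    'node_modules/json-as-xlsx/node_modules/xlsx': {
      version: '0.18.5',
      resolved: 'https://registry.npmjs.org/xlsx/-/xlsx-0.18.5.tgz',
    },
    'node_modules/xlsx': {
      version: '0.19.3',
      resolved: 'https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz',
    },
    'node_modules/xlsx-style': { version: '0.8.13' },
  },
};

console.log(auditXlsx(sampleLock).filter((f) => f.vulnerable));
```

Checking the lockfile rather than package.json catches a nested copy that a direct dependency override on its own does not replace.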

@githubjosh

githubjosh commented Jun 23, 2023

Related, is this package still being maintained?

@piotrzaborow

@LuisEnMarroquin can you help fix the issue?

PR #77 for this is already published and waiting to be merged.

@pinceladasdaweb
Author

@LuisEnMarroquin Please accept the PR.

@LuisEnMarroquin
Owner

Hello there, sorry, it has been a long time since I modified this project.

It should be solved by this PR: #88

Can you help me review it? Thanks in advance.

@pinceladasdaweb
Author

Thank you for this fix @LuisEnMarroquin.
